Disgruntled Engineer Hijacks San Francisco's Computer System
ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."
He was arrested AFTER he disabled everyone else's account.
What do you recommend they do next time, use a crystal ball or ouija board to predict who's going to pull such a stunt?
There was an unsuccessful attempt to fire him. The article also mentions that he was essentially spying on people to learn things being said about him.
Log in at init 1 (runlevel 1) and change the root password, or edit /etc/shadow so that this line:
root:$2$3bJ7DS4R$rV45lDlqNsfDRntfO1NCk0:14069:0:::::
looks exactly like this:
root::14069:0:::::
After this you can log in as root without any password.
Maybe other *nixes are close enough to do the same (BSD or Solaris).
On Ubuntu the root shadow entry is a little different since the account is disabled with an asterisk:
root:*:14069:0:::::
Just remove the asterisk.
Politics is Treachery, Religion is Brainwashing
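As an added example (not code from the post above), a small POSIX shell script that performs the /etc/shadow edit the post describes: it blanks root's password field, which covers a normal hash, Ubuntu's "*" (disabled) entry and a "!"-locked entry alike. It takes the shadow file as an argument so it can be exercised on a copy; the sample entries and paths are constructed for the demo. On a real box you would boot to single-user mode (init 1) and point it at /etc/shadow itself.

```shell
#!/bin/sh
# Added example: blank root's password field in a shadow-format file.
# Field layout (colon separated): name:password:lastchange:min:max:warn:inactive:expire:reserved
# Emptying field 2 means "no password", exactly the root::14069:0::::: form above.

# Print the file with root's password field emptied. Works for a hash,
# for "*" (Ubuntu's disabled root) and for "!"-prefixed locked entries.
blank_root_password() {
    awk -F: 'BEGIN { OFS=":" } $1 == "root" { $2 = "" } { print }' "$1"
}

# Return root's password field (used to confirm the edit took).
root_pw_field() {
    awk -F: '$1 == "root" { print $2; exit }' "$1"
}

# Demo on a constructed shadow file (the hash is the one quoted in the post).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
root:$2$3bJ7DS4R$rV45lDlqNsfDRntfO1NCk0:14069:0:::::
daemon:*:14069:0:99999:7:::
alice:$6$abc$def:14069:0:99999:7:::
EOF
    blank_root_password "$tmp" > "$tmp.new"
    mv "$tmp.new" "$tmp"
    echo "root password field is now: '$(root_pw_field "$tmp")'"
    rm -f "$tmp"
}

# Run with --demo to see it on the constructed file; otherwise call
# blank_root_password /path/to/shadow-copy yourself.
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Two caveats a practitioner would add: an empty password field gets you in on the console and with su, but OpenSSH refuses it unless PermitEmptyPasswords is set to yes, and none of this helps if the disk is encrypted or the real gatekeeper is an application-level credential store rather than the OS login, which is the point raised further down the thread.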
Pretty much all Unix systems are hackable with local access.
I'm guessing either the entire file system is encrypted, or the problem is getting into an application that's running under the OS. Most times the OS isn't the final gatekeeper in high security; the application itself may run everything encrypted, and may very well have no easy way to restore access if a password is lost.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Private as in privacy, no. But private as in private property? Yes. If they don't allow someone to gather their things before they leave they could be looking at serious legal troubles.
No, it's pretty common practice. They can directly escort you out of the building without your personal property and they have a reasonable amount of time to gather up your stuff and get it back to you.
Things like car keys, wallet, jacket, briefcase, etc. yes. They'll escort you to your desk to pick those up. But gathering your pictures, books, etc. Nope. They'll do it for you or have you come back at a later date.
"The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
This is specifically described in the NIST/NSA protection profiles: when a user's access is revoked, all active sessions and running programs should be terminated as well.
Palm trees and 8
For those who wonder what kind of working environment DTIS has:
PeopleSoft's HRMS 8.x application software.
PeopleTools 8.4x, PeopleCode, SQL, SQR, COBOL, Application Engine, Oracle and HP/UNIX.
IBM hosts and DB2
Microsoft SQL Server 2000
Just look for open positions and you know what they are running.
If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you.
Integrity and reputation are typically more profitable than malice and destruction.
I've been in the business a few years, and as you get older, you acquire positions of trust. You have to; you can't be "starting out" your whole career. This sort of behavior is a deal breaker. No one will hire him.
When laid off or fired, collect your stuff, shake hands with your boss, tell them what is left to be completed, politely and with insight, and try to be constructive with any discussions in the exit interview. Even a complete moron will leave a better impression than the greatest genius.
Once out, have a beer or two. Calm down. If you're any good at all, when they are picking up the pieces of the layoff, they'll remember your attitude and professionalism and probably pay you contractor wages to do stuff while you collect unemployment and look for a new job.
It's just not that easy for a sysadmin, especially a major one. For myself, I've got passwords, SSH-keys, and many other access points everywhere in my company. It's not because I want to screw with them, but because they tend to call me at all sorts of different times and I never know if I'll need secure access to the server.
So, routing rules from home. Public SSH keys on various border-servers with my USB-drive having the private keys, etc. They're all used for doing my job, and if I'm fired (not sure why I would be though) I'll just move on to the next one without tainting my career and doing something stupid to burn bridges. However, I could see a *bad* sysadmin using these same tools and more to entrench himself so deeply that you'd almost have to rebuild the entire infrastructure from scratch to find all the back-doors.
If this guy was a real dick (but a clever+smart one), knew it, knew he was going to be canned, and prepared for it... then how are you going to know that your authentication methods, your binaries, or even your kernels haven't been messed with in some way? MD5 sums only go so far when you have hundreds of systems tied together.
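As an added example (not code from the thread), two of the audits a team would run after an admin like the one described above leaves: list every SSH authorized_keys entry that is not on an approved key list (including entries that carry an options prefix such as from=, which a quick grep for "ssh-" would miss), and verify binaries against a SHA-256 manifest taken while the box was still trusted. The directory layout, the approved-key file and the sample keys are constructed for the demo; sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: post-departure audit of SSH keys and binary checksums.
# Everything runs against a root directory passed as $1 so it can be
# exercised on a constructed fake tree instead of a live system.

# Print "owner: type base64 comment" for each authorized_keys entry whose
# "type base64" pair is not listed in the approved file ($2).
unapproved_keys() {
    root=$1; approved=$2
    find "$root" -path '*/.ssh/authorized_keys' -type f | while read -r f; do
        owner=$(basename "$(dirname "$(dirname "$f")")")   # home dir name
        awk -v owner="$owner" -v approved="$approved" '
            BEGIN {
                while ((getline line < approved) > 0) {
                    split(line, a, " "); ok[a[1] " " a[2]] = 1
                }
            }
            /^[[:space:]]*#/ { next }
            NF < 2            { next }
            {
                # entries may start with options (from=, command=, ...);
                # the key type is then the second field, not the first
                i = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? 1 : 2
                key = $i " " $(i + 1)
                if (!(key in ok)) print owner ": " key " " $(i + 2)
            }' "$f"
    done
}

# Emit a manifest (sha256sum format) of every file under $1/bin. Take this
# while the system is trusted and keep it OFF the box.
create_manifest() {
    ( cd "$1" && find bin -type f -exec sha256sum {} + )
}

# Verify $1/bin against manifest $2 (absolute path). Prints each mismatch
# and returns non-zero if anything changed.
verify_manifest() {
    ( cd "$1" && sha256sum -c --quiet "$2" )
}

# Build a constructed fake root for the demo: alice has only her own key,
# mallory has alice's key plus a second, option-prefixed key of his own.
demo_root() {
    r=$1
    mkdir -p "$r/home/alice/.ssh" "$r/home/mallory/.ssh" "$r/bin"
    printf 'ssh-ed25519 AAAAC3Alice alice@laptop\n' > "$r/home/alice/.ssh/authorized_keys"
    printf 'ssh-ed25519 AAAAC3Alice alice@laptop\nfrom="10.0.0.5" ssh-rsa AAAAB3Mallory mallory-usb\n' \
        > "$r/home/mallory/.ssh/authorized_keys"
    printf '#!/bin/sh\necho real sshd\n' > "$r/bin/sshd"
    printf 'ssh-ed25519 AAAAC3Alice\n' > "$r/approved_keys"
}

demo() {
    r=$(mktemp -d)
    demo_root "$r"
    echo "== keys not on the approved list =="
    unapproved_keys "$r/home" "$r/approved_keys"
    create_manifest "$r" > "$r/manifest"
    printf 'echo backdoor\n' >> "$r/bin/sshd"   # simulate tampering
    echo "== manifest check after tampering =="
    verify_manifest "$r" "$r/manifest" || echo "integrity check FAILED"
    rm -rf "$r"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

This is exactly where the "MD5 sums only go so far" remark bites: the manifest is only worth something if it was taken before the admin had a chance to tamper and is stored where he could not reach it, and a modified kernel or a library preloaded into sha256sum can lie about what is on disk, so for hundreds of hosts the honest answer is to compare against media you trust (package signatures, a golden image) rather than against the box's own opinion of itself.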
Unless you are inept, which, given that this is a government system, could be a plausible explanation here.
Beware of bugs in the above code; I have only proved it correct, not tried it.